Des Moines-based broker Voya Financial Advisors (VFA) has been fined $1 million in a cybersecurity case that’s the first under the Identity Theft Red Flags Rule. VFA has agreed to pay the fines in relation to a case that saw their systems compromised and the personal information of thousands of the firm’s customers at risk.
The SEC announced this week that it has charged VFA with violating the Safeguards Rule and the Identity Theft Red Flags Rule. These rules were designed to protect customers from cyberattack activity, and protect customers and their confidential information.
In April 2016, over a six-day period, one or more individuals posing as an independent contractor called VFA’s technical support number to request portal password resets for three representatives. Two of those calls came from phone numbers that were used in previous fraudulent activities. Technical support personnel not only reset these passwords but provided the usernames as well.